[PM 35227](server) Extend checkout endpoint for browser/desktop platforms

[cyprain-okeke]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-35227

📔 Objective

Purpose: Extends the premium checkout session endpoint to support browser and desktop platforms, in addition to the existing ios and android platforms.

Changes:

• Added browser and desktop as valid platform constants in StripeConstants
• Updated request validation to accept the new platforms
• Introduced platform-specific success/cancel redirect URLs so browser and desktop clients are redirected to appropriate post-checkout pages (separate from mobile URLs)
• Added new GlobalSettings properties for browser and desktop checkout URLs (BrowserPremiumCheckoutSuccessUrl, BrowserPremiumCheckoutCancelUrl, DesktopPremiumCheckoutSuccessUrl, DesktopPremiumCheckoutCancelUrl)
• Extracted URL resolution into a GetCheckoutUrls method that switches on platform
• Added unit tests for request validation and platform-specific URL routing, including browser, desktop, and unsupported platform cases

📸 Screenshots

[github-actions]

Checkmarx One – Scan Summary & Details – c8540d4a-0d74-4e39-8ac8-cc26eb5ef230

---

New Issues (2)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	src/Api/Vault/Controllers/CiphersController.cs: 1558	details Method at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
2		CSRF	src/Api/Vault/Controllers/CiphersController.cs: 1385	details Method at line 1385 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector

[kdenney]

LGTM, nice job! Checks are failing but will most likely be fixed once key rotation is all wrapped up.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.78%. Comparing base (55e06e3) to head (5d00321).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7550      +/-   ##
==========================================
+ Coverage   59.76%   59.78%   +0.02%     
==========================================
  Files        2103     2103              
  Lines       92738    92762      +24     
  Branches     8262     8263       +1     
==========================================
+ Hits        55426    55459      +33     
+ Misses      35354    35345       -9     
  Partials     1958     1958              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud